fix: add npm overrides for tar and undici security advisories
The dependency tree through @kinvolk/headlamp-plugin constrains tar (via pluginctl) and undici (via cheerio/i18next-parser). While the lockfile currently resolves to patched versions, Dependabot cannot auto-update these transitive deps. Adding explicit overrides ensures tar>=7.5.11 and undici>=7.24.3 are always resolved, preventing future Dependabot failures. Fixes #64 Co-Authored-By: Paperclip <noreply@paperclip.ing>
@@ -30,6 +30,10 @@
|
|||||||
"react": "^18.0.0",
|
"react": "^18.0.0",
|
||||||
"react-dom": "^18.0.0"
|
"react-dom": "^18.0.0"
|
||||||
},
|
},
|
||||||
|
"overrides": {
|
||||||
|
"tar": "^7.5.11",
|
||||||
|
"undici": "^7.24.3"
|
||||||
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"@kinvolk/headlamp-plugin": "^0.13.0",
|
"@kinvolk/headlamp-plugin": "^0.13.0",
|
||||||
"@mui/material": "^5.15.14",
|
"@mui/material": "^5.15.14",
|
||||||
|
|||||||
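Review bot: The two entries added under `overrides` are unscoped, so npm will force `tar` and `undici` to the 7.x line for every dependent in the tree, whatever range that dependent declares, not only on the pluginctl and cheerio/i18next-parser paths named in the commit message. If only the `@kinvolk/headlamp-plugin` subtree needs the floor, nesting the entries under that key, e.g. `"overrides": { "@kinvolk/headlamp-plugin": { "tar": "^7.5.11", "undici": "^7.24.3" } }`, limits the effect to the paths that need it. Overrides apply only when this package is the install root, and the visible part of the commit shows no lockfile change, so regenerate the lockfile in the same commit and have CI run `npm ls tar undici` and `npm audit` to confirm which versions actually resolve. Because package.json cannot carry comments, record the advisory ids behind the two floors in the commit message or changelog so the override can be dropped once upstream ranges catch up.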